How will you know when you get there? That’s the point our pal Kevin Riggins made during his first RSA Conference talk. He wrote up the talk and allowed it to be posted on the Symantec blog. Kevin uses the metaphor of the Winchester Mystery House as a clear (and rather painful) analogy for how far too many people operate their security environments.
Writing is hard – I get it. Tech writing is hard – I get it. Tech journalism is hard, especially when you need to translate complex technological issues into prose that the common reader (depending on your demographic) can understand. Writing about security for TidBITS and Macworld for the past 6 or so years has been an amazing educational experience as I have had to learn exactly how to walk this tightrope and explain things like memory parsing vulnerabilities and ASLR to consumers.
I am pretty upfront about my turbulent job history. Some of the issues were due to not doing enough homework up front before taking a job. But as I look back I am not sure I would have made different decisions about which jobs to take even if I had done more homework. A post at SCMagazine by Justin Somaini makes a couple of good points about what questions to ask before taking a CISO job.
Internet troll “weev” sentenced to 41 months for AT&T/iPad hack
Weev is a total sociopath (not just a troll), and I have no sympathy for him. He wouldn’t know altruism if it kicked him in the nads, and I have little doubt his goal was to harm AT&T with his discovery. But, by all appearances, this is a weak case and a stretch of the Computer Fraud and Abuse Act with consequences not only for legitimate security research, but for Internet use in general.
As a huge NFL fan with the DTs without a game to obsess about each week, I am constantly looking for parallels between football and my daily existence. Adrian talked a bit in one of his Incite snippets last week about how Facebook uses red team exercises to make sure they are prepared for the real thing.
One of the things I miss least about doing marketing on a daily basis is product reviews. Of course when you win it’s awesome. You can then puff up your chest and take a victory lap as the sales folks use the review to beat down the competition. But when you lose it totally sucks. And depending on the culture of the company, unless it was a clear and decisive victory, it may be taken as a loss. Which requires damage control, forcing you to spin why the test was flawed. Then you need to question…
Raising children in the age of the Internet is both exhilarating and terrifying.
As a geek I am jealous of the technology my children will grow up with. You can make the argument that technology always advances, and my children will feel the same way about their offspring, but I think the genesis of the Internet is a clear demarcation line in human history.
The rhetoric about cyberattacks is nearly deafening. It seems like my Twitter timeline blows up every day about cyber-this or cyber-that. Makes me want to cyber-puke. Since Mandiant pointed the finger at China everyone seems to be jumping on the bandwagon of tough talk and posturing.
The big ChoicePoint breach of 2004 was the result of criminals creating false business accounts and running credit reports on hundreds of thousands of customers (probably). Every major credit/background company has experienced this kind of breach of service going back decades – just look at the Dataloss DB.
It’s hard to believe, but my family and I have been in Atlanta almost 9 years. The twins were babies; now they are people. Well, kind of. I grew up in the Northeast and spent many days shoveling our driveway during big snowstorms. Our 15 years in Northern Virginia provided a bit less shoveling time, but not much.